GDPR and Webfonts loading = problem ?!

[DRMasterChief]

Hi, as part of the GDPR handling, I came across the fact that a 3rd-party shop module loads Google web fonts (and i think also the original Theme does so).

That seems to be a problem and has to be noted in the privacy policy, according to law. I also found some detailed information in German (https://www.7media.de/wp-coaching/dsgvo-neue-datenschutz-anforderungen/) This report is just about it, it's about the reloading of webfonts with GDPR and that this reloading definitely should not be done anymore with 25. May.

Everyone can check for themselves, if the design or Theme of the shop itself uses Google fonts and usually then they are reloaded from the Google servers. You can search for something like this in the source code: //ajax.googleapis.com / .

If I understand the Google license correctly, you can use the fonts offered by Google (https://fonts.google.com/) for free and also install them locally. But these fonts are only available in .tff , and conversion to another file format like , .eot, .svg etc. seems to be a license violation.

In many themes (also in the original) there is a script that loads the webfonts.

How do you deal with it now? I'm a bit baffled here again and would like to try to load the Google Webfonts not from extern source, but only from local server. How can we do this?

[lesley]

I am not convinced that they are a problem. The do not cookie, and there is no documentation that Google actually stores a log.

The code you are talking about is the ajax font loader, not all themes use that method, some are directly inserted.

[DRMasterChief]

Hello, when a Google font is loaded directly from the Google server in the US, your IP address will be sent to this server. Advocates and IT-consultants have concerns that Google may store this data internally (and maybe use it not or later to track visitors or to create profiles).

Would it be possible with TB store to load the webfonts from the local server the shop is installed? Should not that much effort and another security thing to be ok with GDPR.

[lesley]

If they do not log it, it is not an issue then IMO. But if it is an issue, then its going to be more than GWF that are a problem. Browser shims will be a problem, using cloudflare will be a problem, having a webhost will be a problem, cloud servers will be a problem, jquery will be a problem, so the webfonts are actually the least of the problem.

But to answer your question directly, yes, its possible. Somewhere some time ago I wrote something for 1.7 because of it. It might be in the gitter archives, I am not sure.

[lesley]

You might read this github thread as well, https://github.com/google/fonts/issues/1495

[DRMasterChief]

Thank you for your input about his. I have found https://developers.google.com/fonts/faq#whatdoesusingthegooglefontsapimeanfortheprivacyofmy_users
which sometimes is good and sometimes not.... damn.

but thats an fact from the Github discussion: .....For example collecting and processing the user's IP without the user's consent is against the GDPR. If the user does not consent then it doesn't matter how the data is collected/processed/transferred, it's still against the law......

more about this is in Recital 49 EU GDPR

[DRMasterChief]

OK thank you, thats also an solution. Would it be possible to choose the consents in BO ?

[Traumflug]

the alternative fonts defined in your CSS and hope the layout does not look too bad.

These Google fonts are Open Source, aren't they? Accordingly, font and alternative font can be the same.

AFAIK, the original idea of these Google fonts was the hope to have shorter loading times due to another site visited by the user downloading the font already. With virtually every site choosing a different font this foundation dwindles. I'd simply stop asking for Google fonts from Google sites and provide my own copy instead. Server load for serving files unprocessed (like fonts, static images, static pages) is minuscule.

[DRMasterChief]

this cookie hint looks awesome, great job. for the moment we will not use a cookie hint. prefered is to load the fonts locally from the webhosting server (its only 1 font). if we need this cookie thing in the future it is definitely the best i have seen at the moment, also for users!

[Traumflug]

Here’s a mockup of the consent popup: https://codepen.io/firstred/pen/odyYYp

Excellent strategy!

Three cents:

1. One can't deselect the first checkbox. Intuitively I'd expect a slider starting at zero or another checkbox with 'None'.
2. This one: Make sure the website looks consistent should be granted with or without cookies :-) First visits to a site are without cookies and first visits are the most important ones, so one can't afford to have a messed up design, then.
3. I'd drop the word Performance. Meaningless buzzword.

[nickon]

I bet it will kill sales bigtime. I hate the whole gdpr stuff. Making the user choose even the fonts... GOD! I think I will use https://mranftl.com/2014/12/23/self-hosting-google-web-fonts/ and selfhost those and remove one problem from my list

PS: why does tb not update the theme with fonts included ?

[nickon]

@mdekker I would surprise me if it didn't :-D

[Fernando]

Hello,

I would like to know how to remove all google fonts from my site.
Any tips?

TB 1.1.0
Theme Niara version 1.1.0

Thanks

 

[datakick]

4 hours ago, Fernando said:

Hello,

I would like to know how to remove all google fonts from my site.
Any tips?

TB 1.1.0
Theme Niara version 1.1.0

Thanks

 

• Core does not include any fonts
• Niara includes only Raleway font. To get rid of it, remove this line from header.tpl
• Modules can include their own fonts as well

[DRMasterChief]

Hi, you can remove the like as written above or you can change it to your local path on webserver, so the font is loaded from local source on the same webserver as your shop, not from an external source.  I have done this and it works  (you have to upload all fonts to your webserver/path). 

[netamismb]

On 7/11/2020 at 11:04 AM, DRMasterChief said:

Hi, you can remove the like as written above or you can change it to your local path on webserver, so the font is loaded from local source on the same webserver as your shop, not from an external source.  I have done this and it works  (you have to upload all fonts to your webserver/path). 

how have you done that? is it just download the zip https://fonts.google.com/specimen/Raleway#license and add that folder somewhere and change the link in the header.tpl?

Edited July 13, 2020 by netamismb

[DRMasterChief]

yes, it´s like that.  Maybe you find this useful  (it is for other themes, but description is very good): https://answers.themler.io/articles/9064/how-to-use-google-fonts-locally